Methods for security checking of transmitted communication data are often referred to as “firewalls”. These are methods and devices which are aimed at preventing unauthorized access to data and in particular at preventing the introduction of computer viruses.
Firewalls are frequently deployed at the boundaries of two adjacent communication networks in order to preclude from the outset the infiltration of computer viruses into, for example, a private communication network of the “LAN” type (LAN: Local Area Network). Firewalls of this kind have the disadvantage that they cannot process communication data which is transmitted in the context of Internet telephony, based on the Voice-over-IP principle, between two terminal devices disposed in different communication networks on account of a dynamically assigned address of the terminal devices involved. Accordingly the transmitted communication data is not reliably checked with regard to its content for the presence of computer viruses.
In Internet telephony, IP addresses are assigned only temporarily, in other words dynamically, by the Internet Service Providers (ISPs), which is why the IP addresses must be exchanged first before a connection is established via the Internet. However, a firewall device disposed between the communication networks is usually designed to recognize static IP addresses, in other words addresses which do not change temporarily.
International standards, specifically the H.323 or SIP standard, were created in order to enable video and audio data to be detected, transmitted and processed further in the context of Internet telephony or a multimedia conference via the Internet. This standard uses the protocols known from the Internet, such as UDP (User Data Protocol) and RTP (Real-Time Protocol). These protocols are used to transport datagrams by means of which the audio and video data is transmitted over the Internet.
Specified among other things in this standard is that telephone calls based on Voice-over-IP may consist of a number of connections, specifically the signaling, control protocol and user data connections. For these connections, the port numbers, which may only be valid for the duration of a single call, must be re-determined for each further call. These dynamically determined port numbers lead to further problems in the processing of the data by the firewall device, which is usually geared to the recognition of statically determined port numbers.